SigningProvider

Trait SigningProvider 

pub trait SigningProvider: Send + Sync {
Show 17 methods // Required methods fn name(&self) -> &str; fn is_available(&self) -> bool; fn generate_key(&self, label: &str) -> HsmResult<KeyId>; fn import_key( &self, label: &str, secret_key: &SecretKey, ) -> HsmResult<KeyId>; fn get_public_key(&self, key_id: &KeyId) -> HsmResult<PublicKey>; fn sign(&self, key_id: &KeyId, message: &[u8]) -> HsmResult<SignatureBytes>; fn list_keys(&self) -> HsmResult<Vec<KeyMetadata>>; fn delete_key(&self, key_id: &KeyId) -> HsmResult<()>; fn key_exists(&self, key_id: &KeyId) -> bool; // Provided methods fn verify( &self, public_key: &PublicKey, message: &[u8], signature: &SignatureBytes, ) -> HsmResult<()> { ... } fn export_key(&self, key_id: &KeyId) -> HsmResult<SecretKey> { ... } fn get_key_metadata(&self, key_id: &KeyId) -> HsmResult<KeyMetadata> { ... } fn update_key_state( &self, key_id: &KeyId, state: KeyLifecycleState, ) -> HsmResult<()> { ... } fn health_check(&self) -> HsmResult<HealthStatus> { ... } fn batch_sign( &self, key_id: &KeyId, messages: &[&[u8]], ) -> HsmResult<Vec<SignatureBytes>> { ... } fn get_audit_log(&self, limit: usize) -> HsmResult<Vec<AuditEntry>> { ... } fn rotate_key(&self, key_id: &KeyId, new_label: &str) -> HsmResult<KeyId> { ... }
}

Trait for cryptographic signing providers.

This trait abstracts over different key storage backends, allowing the same code to work with software keys, HSMs, or TPMs.

Required Methods§


fn name(&self) -> &str

Get the provider name.


fn is_available(&self) -> bool

Check if the provider is available and initialized.


fn generate_key(&self, label: &str) -> HsmResult<KeyId>

Generate a new key pair and return its identifier.


fn import_key(&self, label: &str, secret_key: &SecretKey) -> HsmResult<KeyId>

Import an existing secret key.


fn get_public_key(&self, key_id: &KeyId) -> HsmResult<PublicKey>

Get the public key for a key identifier.


fn sign(&self, key_id: &KeyId, message: &[u8]) -> HsmResult<SignatureBytes>

Sign a message using the specified key.


fn list_keys(&self) -> HsmResult<Vec<KeyMetadata>>

List all keys, returning a `KeyMetadata` entry for each.


fn delete_key(&self, key_id: &KeyId) -> HsmResult<()>

Delete a key.


fn key_exists(&self, key_id: &KeyId) -> bool

Check if a key exists.

Provided Methods§


fn verify( &self, public_key: &PublicKey, message: &[u8], signature: &SignatureBytes, ) -> HsmResult<()>

Verify a signature over a message. Verification takes the public key directly, so no key identifier is needed.


fn export_key(&self, key_id: &KeyId) -> HsmResult<SecretKey>

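Export the secret key, if the key policy allows it. The result is the secret key material itself (`SecretKey`), so callers should treat export as a sensitive operation.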


fn get_key_metadata(&self, key_id: &KeyId) -> HsmResult<KeyMetadata>

Get key metadata including lifecycle state and usage stats.


fn update_key_state( &self, key_id: &KeyId, state: KeyLifecycleState, ) -> HsmResult<()>

Update key lifecycle state.


fn health_check(&self) -> HsmResult<HealthStatus>

Perform health check and return status.


fn batch_sign( &self, key_id: &KeyId, messages: &[&[u8]], ) -> HsmResult<Vec<SignatureBytes>>

Sign multiple messages with the same key in a single call.


fn get_audit_log(&self, limit: usize) -> HsmResult<Vec<AuditEntry>>

Get audit log entries (if supported).


fn rotate_key(&self, key_id: &KeyId, new_label: &str) -> HsmResult<KeyId>

Rotate a key: generate a new version while archiving the old one.

Implementors§